<?php 
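	// Insert user: handles ?control=insert. Runs only while no validation error
	// has been recorded in $errors, uploads the photo if one was supplied, then
	// writes the new tbl_user row and records the action in the activity log.
	//
	// NOTE(review): $gro_id, $cat_id, $gender, $fullName, $userLog, $pass, $active,
	// $email, $phone, $address, $filename, $remark and $user_name are assigned
	// outside this block and are interpolated straight into the SQL text. Whether
	// they were escaped upstream is not visible here -- confirm, or move query()
	// to bound parameters.
	// NOTE(review): $pass is written to the password column exactly as received;
	// confirm it is already a password_hash() value, not plaintext or a fast hash.
	if (isset($_GET['control']) && $_GET['control'] == "insert") {
		if (!isset($errors) || $errors == "") {
			if (isset($filename) && $filename != "") {
				uploadFile("users", "uploadfile");
			}
			// Checked again after the upload: the original code re-tests $errors
			// here, so uploadFile() is presumably able to set it -- confirm.
			if (!isset($errors) || $errors == "") {
				$sql = "INSERT INTO  tbl_user (gro_id,cat_id,gender,full_name,user_login,password,active,email,phone,address, photo,remark,user_create,date_create)
				VALUES ('$gro_id','$cat_id','$gender','$fullName','$userLog','$pass','$active','$email','$phone','$address','$filename','$remark','$user_name',now())";
				if (query($sql)) {
					// save activity log
					$module       = 'User';
					$message      = 'Create New user: ' . $userLog;
					$affected_row = saveActivityLog($module, $message, getUserName());
					if ($affected_row) {
						pageRedirect("index.php?page=user_list&action=user_new&", "Successful...!");
					}
				} elseif (isset($filename) && $filename != "") {
					// Roll back the upload only when a file was actually supplied;
					// without this guard a failed insert with no photo would call
					// deleteFile() on the bare "users/" directory path.
					deleteFile("users/" . $filename);
				}
			}
		}
	}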
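	// Update user: handles ?control=update. Uploads a replacement photo when one
	// was supplied, rewrites the tbl_user row identified by ?user_id=, removes the
	// previous photo on success and records the action in the activity log.
	//
	// NOTE(review): every column value below ($gro_id ... $user_name, $pass,
	// $filename) is assigned outside this block and interpolated into the SQL
	// text; escaping is not visible here -- confirm, or move to bound parameters.
	// NOTE(review): $pass is stored as received; confirm it is already hashed.
	// NOTE(review): $oldfilename is set outside this block. If it originates from
	// the request rather than from the stored row, the deleteFile() call below
	// removes a caller-chosen path -- confirm its source.
	// NOTE(review): unlike the insert path, a failed UPDATE leaves the freshly
	// uploaded file in place.
	if (isset($_GET['control']) && $_GET['control'] == "update") {
		// The row id comes straight from the query string and used to be pasted
		// unquoted into the WHERE clause. Accept it only as an integer; anything
		// else (missing, array, non-numeric) skips the whole update, which is also
		// what a malformed statement would have led to.
		$userId = isset($_GET['user_id'])
			? filter_var($_GET['user_id'], FILTER_VALIDATE_INT)
			: false;

		// Empty unless a new photo is uploaded; kept if already set upstream.
		if (!isset($fieldimage)) {
			$fieldimage = "";
		}

		if ($userId !== false && (!isset($errors) || $errors == "")) {
			if (isset($filename) && $filename != "") {
				uploadFile("users", "uploadfile");
				if (!isset($errors) || $errors == "") {
					// extra SET fragment for the photo column
					$fieldimage = ", photo='$filename'";
				}
			}
		}

		if ($userId !== false && (!isset($errors) || $errors == "")) {
			// The password column is only touched when a new password was given.
			$passwordClause = (isset($pass) && $pass != "") ? ",password='$pass'" : "";

			$sql = "UPDATE tbl_user SET gro_id='$gro_id',cat_id = '$cat_id',gender='$gender',full_name='$fullName'
				,user_login='$userLog'{$passwordClause},active='$active',email='$email', phone='$phone', address='$address'
				{$fieldimage}, remark='$remark', user_update='$user_name', date_update=now() WHERE user_id={$userId}";

			if (query($sql)) {
				if (isset($filename) && $filename != "") {
					// the new photo is in place, drop the one it replaced
					deleteFile("users/{$oldfilename}");
				}
				// save activity log
				$module       = 'User';
				$message      = 'Update user: ' . $userLog;
				$affected_row = saveActivityLog($module, $message, getUserName());
				if ($affected_row) {
					pageRedirect("index.php?page=user_list&action=user_list&", "Updated successful...!");
				}
			}
		}
	}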
	
	
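	// Activate or deactivate a user: handles ?control=publish.
	//
	// NOTE(review): this state change is driven by $_REQUEST, so it is reachable
	// with a plain GET; no anti-CSRF token or permission check is visible in this
	// block -- confirm both are enforced before this file runs.
	if (isset($_GET['control']) && $_GET['control'] == "publish") {
		/**
		 * Flip the active flag of the user named by the request's user_id.
		 *
		 * @param mixed $publish Current flag value; 1 is turned into 0, anything
		 *                       else into 1.
		 * @return void
		 */
		function updatePublish($publish)
		{
			// Always 0 or 1, so this value is safe to place in the statement.
			$publish = $publish == 1 ? 0 : 1;

			// user_id used to be pasted unquoted into the WHERE clause. Accept it
			// only as an integer and stop otherwise.
			$user_id = isset($_REQUEST["user_id"])
				? filter_var($_REQUEST["user_id"], FILTER_VALIDATE_INT)
				: false;
			if ($user_id === false) {
				return;
			}

			$sql = "UPDATE tbl_user SET active={$publish} WHERE user_id={$user_id}";
			// Only log and report success when the statement actually ran, as the
			// insert and update handlers in this file do.
			if (!query($sql)) {
				return;
			}

			// save activity log
			// NOTE(review): the name written to the log is whatever the client
			// sent, not the name stored for $user_id, and how saveActivityLog()
			// escapes it is not visible here -- confirm.
			$loggedName = (isset($_REQUEST['user_name']) && is_string($_REQUEST['user_name']))
				? $_REQUEST['user_name']
				: '';
			$module       = 'User';
			$message      = 'Publish user name: ' . $loggedName;
			$affected_row = saveActivityLog($module, $message, getUserName());
			if ($affected_row) {
				pageRedirect("index.php?page=user_list&action=user_list&", "Active successful...!");
			}
		}

		if (isset($_REQUEST["active"])) {
			updatePublish($_REQUEST["active"]);
		}
	}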
	
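	// Change the signed-in user's own password: handles ?control=change.
	// The row is selected by getUserId(), not by a request parameter.
	//
	// NOTE(review): $pass is assigned outside this block and stored as received;
	// confirm it is already a password_hash() value. No check of the current
	// password and no anti-CSRF token is visible in this block -- confirm both
	// happen before this file runs. How update() escapes its values is not
	// visible here either.
	if (isset($_GET['control']) && $_GET['control'] == "change") {
		// Same gate the insert and update handlers use: do nothing while a
		// validation error is recorded. An empty $pass is skipped as well, matching
		// the update handler, which treats it as "leave the password alone".
		$noErrors    = !isset($errors) || $errors == "";
		$hasPassword = isset($pass) && $pass != "";

		if ($noErrors && $hasPassword) {
			$where   = array("user_id" => getUserId());
			$data    = array("password" => $pass);
			$updated = update("tbl_user", $data, $where);
			if ($updated) {
				// save activity log
				$module       = 'User';
				$message      = 'Update password user: ' . getUserName();
				$affected_row = saveActivityLog($module, $message, getUserName());
				if ($affected_row) {
					pageRedirect("index.php?page=home&action=home&", "Updated password successful...!");
				}
			}
		}
	}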
?>